The use of biometric techniques to identify and/or authenticate the identity of a user is increasing. Biometric techniques that are promoted for this use include voice, fingerprint, iris, vein pattern and other scans. Currently, the use of fingerprint sensors for capturing a fingerprint has shown to be specifically promising, for example due to its ease of integration with different types of electronic equipment, such as smartphones, watches, tablets, etc. The reliability achieved already by currently available electronic fingerprint systems makes them useful also in areas such as immigration, banking, payments, etc.
The general idea when using fingerprint identification/verification is to enroll a fingerprint sample from the user and thereafter compare this with a previously determined template, stored locally within e.g. the smartphone or remotely at e.g. a cloud server. If the comparison result is positive access is granted, otherwise access is denied. The template should thus be seen as a digital identification for the user, and hence if this is lost, the risk that someone abuses it is apparent. Accordingly, it is obvious that local and specifically remote template storage may be risky for a user of the fingerprint system as the damage if an unauthorized entity retrieves the template may be permanent since it is difficult to replace a finger.
In some prior-art examples, such as disclosed in US20150016697A1 being related to a cloud server implementation, the fingerprint data is suggested to be protected through encryption. However, there is an obvious risk that a third-party with enough resources will be able to decipher the fingerprint data. That is, in case the cloud server is hacked this may have serious impact on a large plurality of users having stored their fingerprint data at the cloud server. In fact, such an issue could greatly impact on the public's view of fingerprint systems.
Accordingly, as there is a desire to closely protect user related data while at the same time expanding the use of fingerprint systems due to its reliability and simplicity of use, there is a necessity to provide an alternative and more secure solution, as compared to prior art, where accordingly less risk is placed on the user.